Security 'guru' questions the need for a security industry

Controversially, and rather simplistically, he seemed to suggest that the security industry’s existence indicates the willingness of other technology companies to ship insecure hardware and software.

“We shouldn’t have to come and find a company to secure our email. Email should already be secure. We shouldn’t have to buy from somebody to secure our network or servers. Our networks and servers should already be secure,” he said.

Oh yes, Bruce, D’oh! Why didn’t anyone think of that before? Genius!

Or, maybe, as Graham Cluley from leading security firm Sophos said, the dream is a long way from reality. “It would be great if robberies didn’t happen and if road accidents didn’t happen and if I didn’t stub my toe but what you have to realise is that software developers are human and humans make mistakes,” he said.

“I can’t imagine there ever being a 100 percent secure operating system, because a vital component of programming that operating system is human.”

Sure, it would be great if operating systems and other software were completely secure on their own, and if there weren’t a myriad of criminals and crackers wanting to commit cyber-crime, but the fact is that this is a constant war.

Post navigation

One thought on “Security 'guru' questions the need for a security industry”

Perhaps Mr. Schneier’s comment should be thought about in context and slightly more before you respond.

Bruce Schneier often discusses the process of security, including where a failure to take security into account in one facet leads to problems in other areas. Take email, as an example, the openness of our current protocols impacts the security of users by easing the entry of malicious messages. Thus a wider scope of thinking about security can help us solve what appear to be difficult problems by stepping back and trying to solve them somewhere else.

Mr. Schneier has many other valuable ideas that he has contributed to this topic, I suggest that you pick up one of his books and read it. That might help you form an informed opinion instead of ranting based on a tiny quote from a vast contribution.